
Source Code Archive

More Servlets and JavaServer Pages


Chapter 7: Declarative Security


Source Code from Chapter

Note: right-click or shift-click on the links to download the associated file.

Form-based authentication: the hotdotcom application

  • tomcat-users.xml. Tomcat-specific password file.
  • users.properties. JRun-specific password file.
  • web.xml. Deployment descriptor for the hotdotcom application.
  • index.jsp. Top-level home page for the hotdotcom application.
  • company-styles.css. Style sheet used by almost all JSP pages in the hotdotcom application.
  • The admin directory:
    • login.jsp. A login page that follows the standard format: a form with an ACTION of j_security_check, a text field named j_username, and a password field named j_password.
    • login-error.jsp. Page used to report failed login attempts.
    • delete-account.jsp. Page that is accessible only to users in the administrator role.
    • confirm-deletion.jsp. Page to confirm the deletion of accounts.
  • The investing directory:
    • index.html. Top-level home page. Available only to authenticated users in the registered-user role.
    • account-status.jsp. Page that shows summarized information on a client's account. Available only to authenticated users in the registered-user role.
    • sucker.jsp. Page that confirms a stock purchase. Since the FinalizePurchase servlet uses a RequestDispatcher to invoke this page, no page-specific security settings apply.
  • The ssl directory:
    • buy-stock.jsp. Page used to order stock. Available only with SSL (https) connections.
    • StockInfo.java. Bean used by buy-stock.jsp (not actually in the ssl directory).
    • FinalizePurchaseServlet.java. Servlet that reads credit card information, performs a stock purchase, and displays a confirmation page. The servlet is not actually stored in the ssl directory, but the web.xml file assigns the servlet a custom URL that makes it appear that the servlet is in that directory. Available only with SSL (https) connections.
  • The business directory:
    • index.html. Top-level home page. Available to all users: no security settings apply.
  • The history directory:
    • index.html. Top-level home page. Available to all users: no security settings apply.
  • RedirectorServlet.java. Servlet that simply redirects users to the Web application home page. Registered with the default servlet URL to prevent access to servlets through URLs that have no security settings.
  • hotdotcom.war. The entire hotdotcom application bundled in a WAR (Web ARchive) file.

BASIC authentication: the hotdotcom-internal application

  • web.xml. Deployment descriptor for the hotdotcom-internal application.
  • tomcat-users.xml. Tomcat-specific password file.
  • index.jsp. Top-level home page.
  • company-styles.css. Style sheet used by almost all JSP pages in the hotdotcom-internal application.
  • financial-plan.html. Page that shows the company's financial plan. Available only to authenticated users in the employee or executive roles.
  • business-plan.html. Page that shows the company's business plan. Available only to authenticated users in the executive role.
  • RedirectorServlet.java. Servlet that simply redirects users to the Web application home page. Registered with the default servlet URL to prevent access to servlets through URLs that have no security settings.
  • hotdotcom-internal.war. The entire hotdotcom-internal application bundled in a WAR (Web ARchive) file.
